Markus Koschany pushed to branch master at Debian Java Maintainers / snakeyaml
Commits: 1d96a3cc by Markus Koschany at 2023-02-19T16:13:26+01:00 Declare compliance with Debian Policy 4.6.2. - - - - - 450443fb by Markus Koschany at 2023-02-19T16:23:55+01:00 Add README.Debian.security and explain that snakeyaml is not designed to process YAML input from untrusted sources. Closes: #1030046 - - - - - e7e04a3c by Markus Koschany at 2023-02-19T16:29:14+01:00 Update changelog - - - - - e96fde00 by Markus Koschany at 2023-02-19T16:34:46+01:00 Use libyaml-snake-java.docs to install README.Debian.security - - - - - 4 changed files: - + debian/README.Debian.security - debian/changelog - debian/control - + debian/libyaml-snake-java.docs Changes: ===================================== debian/README.Debian.security ===================================== @@ -0,0 +1,5 @@ +Note that snakeyaml isn't designed to operate on YAML data coming from untrusted +sources, in such cases you need to apply sanitising/exception handling yourself. + +Please see https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md +for additional information. ===================================== debian/changelog ===================================== @@ -1,3 +1,12 @@ +snakeyaml (1.33-2) unstable; urgency=medium + + * Team upload. + * Declare compliance with Debian Policy 4.6.2. + * Add README.Debian.security and explain that snakeyaml is not designed to + process YAML input from untrusted sources. (Closes: #1030046) + + -- Markus Koschany <[email protected]> Sun, 19 Feb 2023 16:28:46 +0100 + snakeyaml (1.33-1) unstable; urgency=medium * Team upload. ===================================== debian/control ===================================== @@ -24,7 +24,7 @@ Build-Depends: , libsurefire-java , maven-debian-helper (>= 1.6.5) , velocity -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Vcs-Git: https://salsa.debian.org/java-team/snakeyaml.git Vcs-Browser: https://salsa.debian.org/java-team/snakeyaml Homepage: https://bitbucket.org/snakeyaml/snakeyaml ===================================== debian/libyaml-snake-java.docs ===================================== @@ -0,0 +1 @@ +debian/README.Debian.security View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/29e65095278d192494af0a5caa03cfed861c3ad2...e96fde00c1da3ef544c5a43513bd340adf017856 -- View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/29e65095278d192494af0a5caa03cfed861c3ad2...e96fde00c1da3ef544c5a43513bd340adf017856 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ pkg-java-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits
